Unisure Limited
Website Privacy Policy
Updated: 20 November 2023
Background
The Unisure website is owned and operated by Unisure Limited (‘Unisure’), a Limited Company registered in England and Wales under company number 09111373 and regulated by the Financial Conduct Authority with FRN 719400. Unisure Limited is a Unisure Group Company.
Registered address: 40 Gracechurch Street London, England EC3V 0BT, United Kingdom.
Email address: info@unisuregroup.com
Telephone number: +44 207 118 1455
Unisure is committed to protecting the privacy and security of your Personal Data.
Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share any information relating to you (your ‘Personal Data’) in connection with your use of our website. It also explains your rights in relation to your Personal Data and how to contact us or a relevant regulator in the event you have a complaint. Your acceptance of this Privacy Policy is deemed to occur upon your first and each subsequent use of Our Site. If you do not accept and agree with this Privacy Policy, you must stop using Our Site immediately.
When we collect Personal Data, we are subject to the provisions of the UK General Data Protection Regulation (‘UK GDPR’). We are also subject to the provisions of the data protection legislation of the territories in which we operate in, such as the EU General Data Protection Regulation (‘EU GDPR’) and the Protection of Personal Information Act 2013 (‘POPIA’) in relation to services we offer to individuals and our wider operations globally.
This privacy policy is divided into the following sections:
- Definitions and interpretation
- Data controller
- What this policy applies to
- What is Personal Data?
- How your Personal Data is collected
- How and why, we use your Personal Data
- The insurance life cycle
- What data do we collect?
- How and why, we use your Personal Data
- How and why, we use your Personal Data—sharing
- Marketing
- Who we share your Personal Data with
- How long will you keep my Personal Data?
- Transferring your Personal Data out of the UK
- What are my rights?
- How can I control my Personal Data?
- Can I withhold information?
- How can I access my Personal Data?
- How do you use Cookies?
- How to complain
- How to contact us
- Changes to this Privacy Policy
- Implementation of this Policy
- Definitions and interpretation
In this Policy the following terms shall have the following meanings:
‘Account’ means an account required to access and/or use certain areas and features of Our Site;
‘Cookie’ means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Clause 19, below; and
‘Cookie Law’ means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
‘Our Site’ means the Unisure Website owned and operated by Unisure Limited.
- Data controller
We are the controller of Personal Data obtained via Our Site, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.
- What this policy applies to
This Privacy Policy applies only to your use of Our Site.
Throughout our website we may link to other websites owned and operated by certain trusted third parties. Those third-party websites may also gather information about you in accordance with their own separate privacy policies. Please note that we have no control over how your data is collected, stored, or used by other websites, for privacy information relating to those third-party websites, please consult their privacy policies as appropriate.
- What is Personal Data?
Personal Data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, ‘the UK Data Protection Legislation’) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal Data is, in simpler terms, any information about you that enables you to be identified. Personal Data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
- How your Personal Data is collected
We collect Personal Data from you:
- directly, when you enter or send us information, such as when you register with us, contact us (including via email), send us feedback, post material to our website; and
- indirectly, such as your browsing activity while on our website; we will usually collect information indirectly using the technologies explained in Clause 19 on ‘Cookies’ below.
- How and why we use your Personal Data
Unisure understands that your privacy is important to you and that you care about how your Personal Data is used. We respect and value the privacy of everyone who visits this website and will only collect and use Personal Data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Under data protection law, we can only use your Personal Data if we have a proper reason, e.g.:
- where you have given consent;
- to comply with our legal and regulatory obligations;
- for the performance of a contract with you or to take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your Personal Data, so long as this is not overridden by your own rights and interests.
- The insurance life cycle
This policy describes how we, as a wholesale intermediary and Managing General Agent (‘MGA’), collect and use Personal Data about you during and after your engagement with us, in accordance with the UK Data Protection Legislation. In particular this policy is designed to help you understand how we process your Personal Data through the insurance lifecycle. Insurance is the pooling and sharing of risk in order to provide protection against a possible eventuality. In order to do this, information, including your Personal Data, needs to be shared between different insurance market participants. The insurance market is committed to safeguarding that information.
- What data do we collect?
Under the UK Data Protection Legislation, we must always have a lawful basis for using Personal Data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your Personal Data, or because it is in our legitimate business interests to use it.
The table below explains what we use your Personal Data for and why.
What we use your Personal Data for | Our reasons |
Creating and managing your Account with us | To perform our contract with you or to take steps at your request before entering into a contract |
Providing products AND/OR services to you | To perform our contract with you or to take steps at your request before entering into a contract |
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us |
To comply with our legal and regulatory obligations
|
Enforcing legal rights or defend or undertake legal proceedings |
Depending on the circumstances: -to comply with our legal and regulatory obligations -in other cases, for our legitimate interests, i.e., to protect our business, interests and rights |
Customising our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website |
Depending on the circumstances: -your consent as gathered see ‘Cookies’ below -where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you If you have provided such a consent, you may withdraw it at any time (this will not affect the lawfulness of our use of your Personal Data in reliance on that consent before it was withdrawn) |
Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended |
Depending on the circumstances: -your consent as gathered (see ‘Cookies’ below) -where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent, you may withdraw it at any time by contacting us directly (please see Clause 21 – this will not affect the lawfulness of our use of your Personal Data in reliance on that consent before it was withdrawn) |
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products AND/OR services or other important notices |
Depending on the circumstances: -to comply with our legal and regulatory obligations -in other cases, for our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price |
Protecting the security of systems and data used to provide the services |
To comply with our legal and regulatory obligations We may also use your Personal Data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e., to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
Statistical analysis to help us understand our customer base | For our legitimate interests, i.e., to be as efficient as we can so we can deliver the best service to you at the best price |
Updating and enhancing customer records |
Depending on the circumstances: -to perform our contract with you or to take steps at your request before entering into a contract -to comply with our legal and regulatory obligations -where neither of the above apply, for our legitimate interests, e.g., making sure that we can keep in touch with our customers about existing orders and new products |
Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g., to record and demonstrate evidence of your consents where relevant | To comply with our legal and regulatory obligations |
Marketing our services to existing and former customers |
For our legitimate interests, i.e., to promote our business to existing and former customers See ‘Marketing’ below for further information |
To share your Personal Data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency In such cases information will be anonymised where possible and only shared where necessary |
Depending on the circumstances: -to comply with our legal and regulatory obligations -in other cases, for our legitimate interests, i.e., to protect, realise or grow the value in our business and assets |
- How and why we use your Personal Data
Depending upon your use of Our Site, we may collect and hold some or all of the Personal Data set out in the table below, using the methods also set out in the table below:
Purpose | Processing operation | Lawful basis relied on under the UK GDPR | Relevant categories of Personal Data |
Communications with you not related to marketing, including about changes to our terms or policies or changes to the products or other important notices This may include responding to emails or calls from you
|
Addressing and sending communications to you as required by UK Data Protection Legislation, i.e.: -the UK GDPR or Data Protection Act 2018 the EU GDPR |
Processing is necessary for compliance with a legal obligation to which we are subject (Article 6(1)(b)) |
-your name, address and contact information, including email address and telephone number and company details -your account details (username) |
Addressing and sending communications to you about changes to our terms or policies or changes to the products or other important notices (other than those addressed above) | Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you |
-your name, address and contact information, including email address and telephone number and company details -your account details (username) |
|
Administration |
Registering you on Our Site and administering Our Site
|
Our legitimate interests (Article 6(1)(f)), which is to be as efficient as we can so we can deliver the best service to you |
-your name, address and contact information, including email address and telephone number and company details -your account details (username) |
Providing products AND/OR services to you
|
To allow for the preparation of an accurately priced quotation for insurance as well as the proper administration of applications for insurance and insurance policies, including where appropriate for the administration of claims
|
Consent, Article 6.1(a) Contract Article 6.1(b) |
Name and Title Gender; Date of Birth; Passport Number; Addresses; Email Address; Telephone Number(s); Details of Occupation and/or Profession; Name and Address of Employer; Countries Visited as Part of Business Travel; Details of Tertiary Education; Country of Birth and Nationality Details; Basis of Legal Stay in Your Country of Residence; Details of Previous Countries of Residence; Preferences (such as Alcohol and Tobacco); Interests (such Hazardous Sport or Pastime); Insurance and Financial Information; Estate Planning Details; Family and Medical History; Details of Dependants; Details of Beneficiaries; and IP Address, Website security and integrity
|
Marketing |
With your permission and/or where permitted by law, we may also use your Personal Data for marketing purposes, which may include contacting you by email and / or telephone and /or post with information, news, and offers on our products and / or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the UK Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out
|
Our legitimate interests (Article 6(1)(f)) |
-your name, address and contact information, including email address and telephone number and company details -your account details (username) |
We will only use your Personal Data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your Personal Data for that purpose. If we do use your Personal Data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Clause 21.
If we need to use your Personal Data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.
In some circumstances, where permitted or required by law, we may process your Personal Data without your knowledge or consent. This will only be done within the bounds of the UK Data Protection Legislation and your legal rights.
- How and why we use your Personal Data—sharing
See Clause 12 ‘Who we share your Personal Data with’ for further information on the steps we will take to protect your Personal Data where we need to share it with others.
- Marketing
We will use your Personal Data to send you updates (by email, text message, telephone or post) about our products AND/OR services.
We have a legitimate interest in using your Personal Data for marketing purposes (see above ‘How and why we use your Personal Data’ Clause 6). This means we do not need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
- contacting us at info@unisuregroup.com
- We may ask you to confirm or update your marketing preferences if you ask us to provide further products AND/OR services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your Personal Data with the utmost respect and never sell OR share it with other organisations outside the Unisure Group for marketing purposes.
For more information on your right to object at any time to your Personal Data being used for marketing purposes, see ‘What are my rights’ at Clause 15 below.
- Who we share your Personal Data with
We may share Personal Data with:
- other companies in our group, this includes our affiliates, our holding company, and its subsidiaries;
- third parties we use to help deliver our products AND/OR services to you, e.g., payment service providers, assistance firms;
- other third parties we use to help us run our business, e.g., marketing agencies or website hosts and website analytics providers.
We only allow those organisations to handle your Personal Data if we are satisfied, they take appropriate measures to protect your Personal Data. We also impose contractual obligations on them to ensure they can only use your Personal Data to provide services to us and to you.
We or the third parties mentioned above occasionally also share Personal Data with:
- our and their external auditors, e.g., in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
- our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
- law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
- other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your Personal Data will be bound by confidentiality obligations.
- How long will you keep my Personal Data?
We will not keep your Personal Data for any longer than is necessary in light of the reason(s) for which it was first collected and used.
Different retention periods apply for different types of Personal Data Your Personal Data will therefore be kept for the following periods:
- Quotations for 1 year after the date of quotation, thereafter the data collected will be anonymised;
- Active policies for 7 years after expiration or cancellation of the policy;
- If you stop using your account, we will delete or anonymise your account data after 7 years; and
- Following the end of the relevant retention period, we will delete or anonymise your Personal Data.
For full details of the Company’s approach to data retention, including retention periods for specific Personal Data types held by the Company, please refer to our Data Retention Policy, which is available on request.
- Transferring your Personal Data out of the UK
It is sometimes necessary for us to transfer your Personal Data to countries outside the UK. In those cases, we will comply with applicable UK data Protection Legislation designed to ensure the privacy of your Personal Data.
We may transfer your Personal Data to:
- Our insurance partners;
- Other companies in our group, this includes our affiliates, our holding company, and its subsidiaries. Where this involves the transfer of Personal Data outside the UK, Unisure ensures that Personal Data is protected by requiring all companies within the Unisure Group to follow the same rules with respect to Personal Data protection and usage;
- We may store or transfer some or all of your Personal Data in countries outside of the UK. These are known as third countries and may not have data protection laws that are as strong as those in the UK. This means that we will take additional contractual steps in order to ensure that your Personal Data is treated just as safely and securely as it would be within the UK and under the UK Data Protection Legislation.
- What are my rights?
Under the UK Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your Personal Data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Clause 21.
- The right to access the Personal Data we hold about you. Clause 18 will tell you how to do this.
- The right to have your Personal Data rectified if any of your Personal Data held by us is inaccurate or incomplete. Please contact us using the details in Clause 21 to find out more.
- The right to be forgotten, i.e., the right to ask us to delete or otherwise dispose of any of your Personal Data that we hold. Please contact us using the details in Clause 21 to find out more.
- The right to restrict (i.e., prevent) the processing of your Personal Data.
- The right to object to us using your Personal Data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your Personal Data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided Personal Data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that Personal Data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your Personal Data in this way.
16. How can I control my Personal Data?
In addition to your rights under the UK Data Protection Legislation, set out in Clause 15 above, when you submit Personal Data via Our Site, you may be given options to restrict our use of your Personal Data.
You may also wish to sign up to one or more of the preference services operating in the United Kingdom: The Telephone Preference Service (TPS), the Corporate Telephone Preference Service (CTPS), and the Mailing Preference Service (MPS). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
- Can I withhold information?
You may access certain areas of Our Site without providing any Personal Data at all. However, to use all features and functions available on our site you may be required to submit or allow for the collection of certain data.
You may restrict our use of Cookies. For more information, see Clause 19 and our Cookie Policy.
- How can I access my Personal Data?
If you want to know what Personal Data we have about you, you can ask us for details of that Personal Data and for a copy of it (where any such Personal Data is held). This is known as a subject access request (SAR).
All subject access requests should be made in writing and sent by email to our Data Protection Officer (dpo@unisuregroup.com).
To make this as easy as possible for you, a Subject Access Request Form is available from our Data Protection Officer, for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is manifestly unfounded or excessive (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your Personal Data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
- How do you use Cookies?
Our Site comprises public areas and private areas which operate as two distinctly separate and segregated systems, and which perform different functions.
Users who access the public areas of Our Site, which are hosted in WordPress, may receive certain third-party Cookies on their computer or device. Third-party Cookies are those placed by websites, services, and/or parties other than us. Third-party Cookies are used on the public areas of Our Site for anonymous statistical analysis and marketing purposes.
These Cookies are not integral to the functioning of Our Site and your use and experience of Our Site will not be impaired by refusing consent to them.
Users who access the private areas of Our Site will be required to log in to access these areas. The private areas of Our Site are segregated from, and operate on a completely independent system to, the public areas of Our Site. We do not employ third-party cookies on the private areas of Our Site at present. Our Site may however place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us.
All first-party Cookies used by and on Our Site are used in accordance with current Cookie Law. Because all first-party Cookies used by this site are vital to its functionality, we are not required to obtain specific consent for their use. We use such Cookies to facilitate and improve your experience of Our Site and to provide and improve our products and / or services. We have carefully selected these Cookies and have taken steps to ensure that your privacy and Personal Data is protected and respected at all times.
For further specific information on the Cookies we use, please refer to our Cookie Policy.
- How to complain
Please contact us if you have any queries or concerns about our use of your Personal Data. (see below ‘How to contact us’).
We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
the Information Commissioner in the UK. The UK’s Information Commissioner may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
- How to contact us
To contact us about anything to do with your Personal Data and data protection, including to make a subject access request, please contact our Data Protection Officer.
Data Protection Officer – dpo@unisuregroup.com
22. Changes to this Privacy Policy
We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects Personal Data protection.
Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the Privacy Policy on your first use and each and every subsequent use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.
- Implementation of this Policy
This Policy has been reviewed on 20 November 2023 and is due for review by 20 November 2024 or as and when required to account for changes to the UK Data Protection Legislation and/or European Union/UK adequacy decisions.